Security is Inconvenient

Story: Software Insecurity is Our Biggest Weakness
Total Replies: 3
Bob_Robertson

May 13, 2010
6:44 PM EDT
Seriously, Andrew Sinclair in the OP comments points out something often glossed over: Government did not invent the Internet.

The colleges, universities and research institutions around the world which created the Internet through the RFC process did it. Maybe ARPAnet was the seed, but it was not the whole plant or even a major part of it.

It wasn't until late 1992 that the NSF changed the rules excluding "commercial content" and "commercial providers" from connecting to the "Internet". THEN the explosion of innovation and use occurred, utilizing the fundamental protocols outlined in the "open" RFCs to eventually connect everyone on Earth to everyone else.

The US Fed.Gov has, for the most part, always been clueless about computers. The NSA, one of the few actually computer competent agencies in addition to NASA, created SELinux a decade ago.

If it weren't for politics, if security actually mattered to people in the Fed.Gov, they would be using SELinux instead of Windows.

But Windows is an easy purchase on government procurement forms, and reinforces one of the big donors to re-election campaigns. Taking the time to spec out a machine for SELinux would be too inconvenient.

Security is inconvenient.
gus3

May 13, 2010
9:24 PM EDT
Let's clarify something. Different aspects of security are inconvenient for different parties:

"Authentication" is inconvenient for users. Its counterpart, "authorization," is inconvenient for developers. "Compromised credentials" is inconvenient for sysadmins.

"Sanitizing input" is inconvenient for developers. "Unsanitized input" is inconvenient for users whose data gets wiped.

It's like the old line, "if you think education is expensive, try ignorance."
Bob_Robertson

May 14, 2010
7:58 AM EDT
That reminds me...

At the end of _Earthweb_, Marc Stiegler (programmer and now twice author) points out existing authentication methods that he thinks would solve several problems. I'm saying this to put myself on the spot about going and getting the list, to reproduce here, for general consumption.
Bob_Robertson

May 14, 2010
9:23 AM EDT
Ok, here it is:

Marc Stiegler's personal site: http://www.skyhunter.com/marc.html

An introduction to Capability-based security: http://www.skyhunter.com/marcs/capabilityIntro/index.html
